Windows malware 'Snake' ported to Mac for first time, masquerades as Adobe Flash

Posted:
in macOS
A piece of malware long targeting Windows users -- known sometimes as "Snake," "Turla," or "Uroboros" -- is now reportedly being turned against Mac owners.




The updated code comes disguised as an Adobe Flash Player installer, wrapped inside a ZIP file labeled "Install Adobe Flash Player.app.zip," Malwarebytes said on Friday. A giveaway to its origins is that when run, the installer is signed by an "Addy Symonds" instead of Adobe -- this initially tricked macOS's Gatekeeper feature, but Apple has already revoked the bad certificate.

If Gatekeeper is set to allow unsigned apps, victims should then be asked to enter their administrator password, as with Adobe's real Flash installer. The look of the installer also mimics the real software, and in fact a working version of Flash is ready at the end. Similar malware typically runs a completely fake Flash installation, or has to launch the legitimate one second.

People who fall prey open up a backdoor to their system which can expose passwords and unencrypted files, Malwarebytes said.

Infection is unlikely not just because of Gatekeeper, but because the file must be intentionally downloaded and run, for instance when delivered as an email attachment.

Just last week, another piece of malware, known as "Dok," was also discovered targeting Mac users with a signed certificate. That code was being delivered through an email phishing campaign, and concealed as a fake OS X update.
«1

Comments

  • Reply 1 of 26
    sflocalsflocal Posts: 6,136member
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    suddenly newtonSolitallest skilFatmanpscooter63macplusplussockroliddysamoriaMacProlostkiwi
  • Reply 2 of 26
    macxpressmacxpress Posts: 5,940member
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    Don't be surprised...many people still need Flash for certain things. Unfortunately, websites still require it here and there. 
    baconstangbsenka
  • Reply 3 of 26
    22july201322july2013 Posts: 3,735member
    This malware was clearly subsidized by Microsoft so Apple could no longer advertise "Macs don't get windows viruses." [/sarcasm]
  • Reply 4 of 26
    rob53rob53 Posts: 3,311member
    macxpress said:
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    Don't be surprised...many people still need Flash for certain things. Unfortunately, websites still require it here and there. 
    Like xfinity tv and NBA to name two big ones. Of course these sites work fine on iOS devices. 
  • Reply 5 of 26
    suddenly newtonsuddenly newton Posts: 13,819member
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    I was thinking that disguising it as Flash would make me avoid it like the plague, but sadly, that it not universally true, even for Mac users. And some websites still use it. Even GoogleTube was still trying to use Flash if it detected it (even disabled with Click-to-Flash) on your computer. The only way to truly force YT to use HTML5 video was to completely uninstall Flash.
    dysamoria
  • Reply 6 of 26
    macxpressmacxpress Posts: 5,940member
    rob53 said:
    macxpress said:
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    Don't be surprised...many people still need Flash for certain things. Unfortunately, websites still require it here and there. 
    Like xfinity tv and NBA to name two big ones. Of course these sites work fine on iOS devices. 
    Its also still widely used in the educational market...so many educational websites are still flash based. As a result, I have to install Flash on all computers, Mac or PC and constantly have to update Flash as well as a result. And no, before anyone says it, its not as simple as just saying to a staff member that they can't use this site because its flash based. 
    dysamoria
  • Reply 7 of 26
    eightzeroeightzero Posts: 3,148member
    rob53 said:
    macxpress said:
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    Don't be surprised...many people still need Flash for certain things. Unfortunately, websites still require it here and there. 
    Like xfinity tv and NBA to name two big ones. Of course these sites work fine on iOS devices. 
    youtube
  • Reply 8 of 26
    suddenly newtonsuddenly newton Posts: 13,819member
    Way back machine brings us Google's initial response to the Steve Jobs "Thoughts on Flash" open letter (and the brouhaha that erupted from the Apple-hating tech world):
    http://gizmodo.com/5505682/how-adobe-and-google-are-making-sure-flash-will-never-die
  • Reply 9 of 26
    neilmneilm Posts: 1,001member
    Malware pretending to be Flash.
    Bwahahahahahahaha!
    baconstangsockroliddjkfisherdysamoriasphericlostkiwibrakkennicksaintjohn
  • Reply 10 of 26
    macxpressmacxpress Posts: 5,940member
    eightzero said:
    rob53 said:
    macxpress said:
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    Don't be surprised...many people still need Flash for certain things. Unfortunately, websites still require it here and there. 
    Like xfinity tv and NBA to name two big ones. Of course these sites work fine on iOS devices. 
    youtube
    Everything I've ever watched on YouTube is HTML5 now. I don't believe Flash is required for YouTube anymore. 
    sockroliddjkfisherdysamoria
  • Reply 11 of 26
    jkichlinejkichline Posts: 1,369member
    No Flash for me.  If your website requires Flash or Java, I'm not using your business services.
    rob55pscooter63sockroliddysamorialostkiwi
  • Reply 12 of 26
    NY1822NY1822 Posts: 621member
    eightzero said:
    rob53 said:
    macxpress said:
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    Don't be surprised...many people still need Flash for certain things. Unfortunately, websites still require it here and there. 
    Like xfinity tv and NBA to name two big ones. Of course these sites work fine on iOS devices. 
    youtube
    CNBC Live
  • Reply 13 of 26
    macplusplusmacplusplus Posts: 2,116member
    macxpress said:
    rob53 said:
    macxpress said:
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    Don't be surprised...many people still need Flash for certain things. Unfortunately, websites still require it here and there. 
    Like xfinity tv and NBA to name two big ones. Of course these sites work fine on iOS devices. 
    Its also still widely used in the educational market...so many educational websites are still flash based. As a result, I have to install Flash on all computers, Mac or PC and constantly have to update Flash as well as a result. And no, before anyone says it, its not as simple as just saying to a staff member that they can't use this site because its flash based. 
    This is why it disguises itself as a Flash installer. Public computers are primary targets of botnets. They are not as idiots as we joke...
    dysamoria
  • Reply 14 of 26
    macplusplusmacplusplus Posts: 2,116member
    A piece of malware long targeting Windows users -- known sometimes as "Snake," "Turla," or "Uroboros" -- is now reportedly being turned against Mac owners.

    ...
    Infection is unlikely not just because of Gatekeeper, but because the file must be intentionally downloaded and run, for instance when delivered as an email attachment.
    Intentional download is not required, you can get it via any advertising redirect. If Safari's "Open safe files after downloading" setting is enabled, the malware is run and it appears as a legitimate macOS dialog.

    Check your Downloads folder frequently to discover how much of malware you receive via advertising each day...
    edited May 2017 lostkiwi
  • Reply 15 of 26
    suddenly newtonsuddenly newton Posts: 13,819member
    neilm said:
    Malware pretending to be Flash.
    Bwahahahahahahaha!
    I know, right? What's the difference?  ;)
    StrangeDayslostkiwi
  • Reply 16 of 26
    focherfocher Posts: 688member
    This article is highly inaccurate. It claims Flash was used as an incentive to install the Snake malware. In fact, the Snake application is being used as a ruse to install the Flash malware, which will do untoward more damage than what the article mentions.
    sphericlostkiwi
  • Reply 17 of 26
    tallest skiltallest skil Posts: 43,388member
    eightzero said:
    youtube
    YouTube is such irredeemable garbage on iOS… I've managed to trick it into giving me a QuickTime window for videos (so they can be picture in pictured, airplayed alone, etc.). The regular UI just doesn't cut it.
  • Reply 18 of 26
    djkfisherdjkfisher Posts: 131member
    I dumped flash years ago on all my Macs. Totally unnecessary and a risk not worth taking :(
    dysamorialostkiwi
  • Reply 19 of 26
    dysamoriadysamoria Posts: 3,430member
    macxpress said:
    sflocal said:
    Well. the first mistake this clown did was to pretend to be Adobe Flash.  That alone will pretty much assure that no one on a Mac will install it. :)
    Don't be surprised...many people still need Flash for certain things. Unfortunately, websites still require it here and there. 
    Homestarrunner.com
    tallest skilpscooter63spheric
  • Reply 20 of 26
    dysamoriadysamoria Posts: 3,430member

    Check your Downloads folder frequently to discover how much of malware you receive via advertising each day...
    There's nothing in my downloads folder that I didn't intentionally put there.
Sign In or Register to comment.